Timer and content security

ABSTRACT

A method, computer system, and a computer program product for timing secured content is provided. The present invention may include receiving a connection request and generating a pass-phrase and a key. The present invention may include encrypting a data packet, wherein the encrypted data packet consists of non-persistent data, and wherein the encryption method is symmetric encryption. The present invention may include sending the encrypted data packet to the user device. The present invention may include receiving a pass-phrase request. The present invention may include sending the generated pass-phrase, wherein the user device decrypts the encrypted data packet based on the received generated pass-phrase and key. The present invention may include receiving a message to start a timer and then invalidate access to the data packet when the timer runs out.

STATEMENT REGARDING PRIOR DISCLOSURES BY THE INVENTOR OR A JOINTINVENTOR

Aspects of the present invention have been disclosed by the Applicant,who obtained the subject matter disclosed directly from the inventors,in the product IBM Kenexa® Assess on Cloud Version 5.5, made availableto the public on Jun. 18, 2016. The following disclosure is submittedunder 35 U.S.C. § 102(b)(1)(A).

BACKGROUND

The present invention relates generally to the field of computing, andmore particularly to timers and content security.

A user's access time to secure content over a network may be displayedby unequal time distributions from user to user depending on variablessuch as a user's geographic location compared to the server and theuser's network connection speed. A content timer may begin before theuser device has completely downloaded the data, putting users withslower network connections at a disadvantage and conversely users withfaster network connections at an advantage.

SUMMARY

Embodiments of the present invention disclose a method, computer system,and a computer program product for timing secured content. The presentinvention may include receiving, by a server, a connection request froma user device. The present invention may include generating, by theserver, a pass-phrase and a key based on the received connectionrequest. The present invention may include encrypting, by the server, adata packet based on the generated pass-phrase and the generated key,wherein the encrypted data packet consists of non-persistent data, andwherein the encryption method is symmetric encryption. The presentinvention may include sending, by the server, the encrypted data packetto the user device, wherein the sent encrypted data packet is downloadedon the user device before the user device requests the pass-phrase fromthe server. The present invention may include receiving, by the server,a pass-phrase request from the user device, wherein the pass-phrase is agenerated password. The present invention may include sending, by theserver, the generated pass-phrase in response to receiving thepass-phrase request by the user device, wherein the pass-phrase istransmitted in a separate transmission than the encrypted data packet,and wherein the user device decrypts the encrypted data packet based onthe received generated pass-phrase and key. The present invention mayinclude receiving, by the server, a message to start a timer associatedwith the sent data packet. The present invention may include starting,by the server, the timer based on the received message to start thetimer. The present invention may include invalidating, by the server,access to the data packet when the timer runs out.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

These and other objects, features and advantages of the presentinvention will become apparent from the following detailed descriptionof illustrative embodiments thereof, which is to be read in connectionwith the accompanying drawings. The various features of the drawings arenot to scale as the illustrations are for clarity in facilitating oneskilled in the art in understanding the invention in conjunction withthe detailed description. In the drawings:

FIG. 1 illustrates a networked computer environment according to atleast one embodiment;

FIG. 2 is an operational flowchart illustrating a process for timing andsecuring content according to at least one embodiment;

FIG. 3 is a block diagram of internal and external components ofcomputers and servers depicted in FIG. 1 according to at least oneembodiment;

FIG. 4 is a block diagram of an illustrative cloud computing environmentincluding the computer system depicted in FIG. 1, in accordance with anembodiment of the present disclosure; and

FIG. 5 is a block diagram of functional layers of the illustrative cloudcomputing environment of FIG. 4, in accordance with an embodiment of thepresent disclosure.

DETAILED DESCRIPTION

Detailed embodiments of the claimed structures and methods are disclosedherein; however, it can be understood that the disclosed embodiments aremerely illustrative of the claimed structures and methods that may beembodied in various forms. This invention may, however, be embodied inmany different forms and should not be construed as limited to theexemplary embodiments set forth herein. Rather, these exemplaryembodiments are provided so that this disclosure will be thorough andcomplete and will fully convey the scope of this invention to thoseskilled in the art. In the description, details of well-known featuresand techniques may be omitted to avoid unnecessarily obscuring thepresented embodiments.

The present invention may be a system, a method, and/or a computerprogram product at any possible technical detail level of integration.The computer program product may include a computer readable storagemedium (or media) having computer readable program instructions thereonfor causing a processor to carry out aspects of the present invention.

The computer readable storage medium can be a tangible device that canretain and store instructions for use by an instruction executiondevice. The computer readable storage medium may be, for example, but isnot limited to, an electronic storage device, a magnetic storage device,an optical storage device, an electromagnetic storage device, asemiconductor storage device, or any suitable combination of theforegoing. A non-exhaustive list of more specific examples of thecomputer readable storage medium includes the following: a portablecomputer diskette, a hard disk, a random access memory (RAM), aread-only memory (ROM), an erasable programmable read-only memory (EPROMor Flash memory), a static random access memory (SRAM), a portablecompact disc read-only memory (CD-ROM), a digital versatile disk (DVD),a memory stick, a floppy disk, a mechanically encoded device such aspunch-cards or raised structures in a groove having instructionsrecorded thereon, and any suitable combination of the foregoing. Acomputer readable storage medium, as used herein, is not to be construedas being transitory signals per se, such as radio waves or other freelypropagating electromagnetic waves, electromagnetic waves propagatingthrough a waveguide or other transmission media (e.g., light pulsespassing through a fiber-optic cable), or electrical signals transmittedthrough a wire.

Computer readable program instructions described herein can bedownloaded to respective computing/processing devices from a computerreadable storage medium or to an external computer or external storagedevice via a network, for example, the Internet, a local area network, awide area network and/or a wireless network. The network may comprisecopper transmission cables, optical transmission fibers, wirelesstransmission, routers, firewalls, switches, gateway computers and/oredge servers. A network adapter card or network interface in eachcomputing/processing device receives computer readable programinstructions from the network and forwards the computer readable programinstructions for storage in a computer readable storage medium withinthe respective computing/processing device.

Computer readable program instructions for carrying out operations ofthe present invention may be assembler instructions,instruction-set-architecture (ISA) instructions, machine instructions,machine dependent instructions, microcode, firmware instructions,state-setting data, configuration data for integrated circuitry, oreither source code or object code written in any combination of one ormore programming languages, including an object oriented programminglanguage such as Smalltalk, C++, or the like, and procedural programminglanguages, such as the “C” programming language or similar programminglanguages. The computer readable program instructions may executeentirely on the user's computer, partly on the user's computer, as astand-alone software package, partly on the user's computer and partlyon a remote computer or entirely on the remote computer or server. Inthe latter scenario, the remote computer may be connected to the user'scomputer through any type of network, including a local area network(LAN) or a wide area network (WAN), or the connection may be made to anexternal computer (for example, through the Internet using an InternetService Provider). In some embodiments, electronic circuitry including,for example, programmable logic circuitry, field-programmable gatearrays (FPGA), or programmable logic arrays (PLA) may execute thecomputer readable program instructions by utilizing state information ofthe computer readable program instructions to personalize the electroniccircuitry, in order to perform aspects of the present invention.

Aspects of the present invention are described herein with reference toflowchart illustrations and/or block diagrams of methods, apparatus(systems), and computer program products according to embodiments of theinvention. It will be understood that each block of the flowchartillustrations and/or block diagrams, and combinations of blocks in theflowchart illustrations and/or block diagrams, can be implemented bycomputer readable program instructions.

These computer readable program instructions may be provided to aprocessor of a general purpose computer, special purpose computer, orother programmable data processing apparatus to produce a machine, suchthat the instructions, which execute via the processor of the computeror other programmable data processing apparatus, create means forimplementing the functions/acts specified in the flowchart and/or blockdiagram block or blocks. These computer readable program instructionsmay also be stored in a computer readable storage medium that can directa computer, a programmable data processing apparatus, and/or otherdevices to function in a particular manner, such that the computerreadable storage medium having instructions stored therein comprises anarticle of manufacture including instructions which implement aspects ofthe function/act specified in the flowchart and/or block diagram blockor blocks.

The computer readable program instructions may also be loaded onto acomputer, other programmable data processing apparatus, or other deviceto cause a series of operational steps to be performed on the computer,other programmable apparatus or other device to produce a computerimplemented process, such that the instructions which execute on thecomputer, other programmable apparatus, or other device implement thefunctions/acts specified in the flowchart and/or block diagram block orblocks.

The flowchart and block diagrams in the Figures illustrate thearchitecture, functionality, and operation of possible implementationsof systems, methods, and computer program products according to variousembodiments of the present invention. In this regard, each block in theflowchart or block diagrams may represent a module, segment, or portionof instructions, which comprises one or more executable instructions forimplementing the specified logical function(s). In some alternativeimplementations, the functions noted in the blocks may occur out of theorder noted in the Figures. For example, two blocks shown in successionmay, in fact, be executed substantially concurrently, or the blocks maysometimes be executed in the reverse order, depending upon thefunctionality involved. It will also be noted that each block of theblock diagrams and/or flowchart illustration, and combinations of blocksin the block diagrams and/or flowchart illustration, can be implementedby special purpose hardware-based systems that perform the specifiedfunctions or acts or carry out combinations of special purpose hardwareand computer instructions.

The following described exemplary embodiments provide a system, methodand program product for timing access to secure data. As such, thepresent embodiment has the capacity to improve the technical field ofsecure content timing by controlling the start time and the end time auser device (i.e., client device) may access secure content. Morespecifically, timing when a user may begin to access secure data maycreate an equal amount of time during which users may access the dataregardless of the user's proximity to the server or the user's networkconnection speed. Additionally, an equal time window to access data mayalso be created by securing transmitted data that may not be decryptedwith a passcode (i.e., unlocked with a pass-phrase) by the user deviceuntil the user device has received and downloaded the secure data. Oncethe user device has received and downloaded the secure data, the userdevice may then request a pass-phrase from the server. After the userdevice receives the pass-phrase to access the data, the timer may beginwhen the user device decrypts the data with the generated pass-phrase. Apass-phrase may consist of a way for the user to unlock the secureddata, such as, by a passcode, password, or encryption key.

As previously described, a user's access time to secure content over anetwork may be displayed by unequal time distributions from user to userdepending on variables such as a user's geographic location compared tothe server and the user's network connection speed. A content timer maybegin before the user device has completely downloaded the data (i.e.,before the user is able to access the secure content), putting userswith slower network connections at a disadvantage and conversely userswith faster network connections at an advantage. In addition to timers,ensuring the decryption process takes place within a limited amount oftime may further secure the transmitted data. Timing user access to datawith encryption key accessibility may both allow equal time for usersaccessing content over a network and create a more secure data network.

Latency in a network connection may vary depending on a user'sgeographic location and the type of internet connection a user may have.Internet technology has made services such as automatically administeredtests (e.g., knowledge and skills tests) available to users globally.Upon beginning a test administered over a communication network, a usermay think equal time for the exam is given to each user taking the exam.More time may be given to a user viewing, interacting with or respondingto the exam questions in cases where a user may have high speedinternet. Consequentially, less time may be given to a user viewing,interacting with or responding to the exam questions in cases where auser may have a slow internet connection. One cause for the unequaldistribution of time to exam takers may be from the test timer startingbefore the exam content is fully received and downloaded by the userdevice, giving more advanced user devices and fast internet technologydevices an advantage over older and slower connections and devices.

For example, in a testing environment, to make the internet administeredtests fair, each user should be allowed equal time to review the examquestions and provide responses. The disadvantage of a timer startingbefore the content is fully received, downloaded and decrypted by theuser device is a test taking environment in which a user may have lesstime to answer an online exam question or less time to complete theentire exam. In addition to preventing the timer from beginning beforethe content is made available to a user, content security may beenhanced by preventing malicious attackers from gaining access to thecontent while the data is being transmitted by sending thenon-persistent pass-phrase to the user device after the encrypted datapacket has already been received and downloaded by the user device.

Another example of unequal timing amongst users may include a timerstarting when the code is ready but the rest of the Document ObjectModel (DOM) may not be ready. In this case, a timer may have started andthe user may see the timer ticking down but the user may not yet havefull access to the data. In a case where the timer starts after theentire DOM is loaded, then a user with a slow network connection or adevice using a proxy to manipulate web applications may use theapplication to complete a portion of a data test without the timerstarting. In this example, by not allowing a user to access informationbefore the browser has completely downloaded the data, the time allottedto each user may be equal.

Another timer and content security problem may arise due to thedistributed nature of modern networked applications. A service providermay have limited guarantees associated with the end user's behavior,such as in a case that may require access to restricted data. Restricteddata may allow a user to access the secured data for a finite timeperiod or may require a user to respond within a specified time period.Therefore, it may be advantageous to, among other things, ensure a userhas relevant access to secure data for the specified time period bycommencing a timer on a task when the user may gain full access to thesecure data. Additionally, data security may be enhanced by preventingmalicious attackers from gaining access to content while the data isbeing transmitted by sending a pass-phrase or encryption key to the userdevice separately from the encrypted data packet and after the contentis fully downloaded and ready to be accessed.

According to at least one embodiment, a secure timer program may displaysecure content presented on a web based application over a network for apredefined time period that may ensure an equal amount of time for eachuser to view the data, interact with the data or respond to the data.The objective may be to establish for each user a start time to coincidewith the receipt of the contents so one user does not have an unfairadvantage over another user due to variables such as geographic locationand user network speed. Creating a timer start access time once thecontent is received, downloaded and able to be decrypted may allow theusers to have access to the content for the same amount of time. Theelement of securing data may relate to the time in which an encryptedpass-phrase is used by the user device when the data is ready to beaccessed (i.e., fully received and downloaded by user device).

The present embodiment may allow a user to have a fixed duration ofaccess time to secure data. Providing an equal amount of time to accesssecure data to each user may include controlling the start time and theend time a user may view the data, interact with the data or respond tothe data. Once the timer has run out, the user may not be able to viewthe data, interact with the data or a respond to the data. The timerlimits a user's access and beginning the timer once a user can accessthe data may allow all users to have equal time to access secure data.

Timing of when a pass-phrase may be sent to a user device from a servermay be near the time the pass-phrase may be used, such as after theencrypted content is received and downloaded by a user device. The timermay then begin after the secure content is fully downloaded and the userdevice gains access to the pass-phrase to unlock the contents. Startingthe timer once the fully downloaded encrypted data packet is decryptedmay allow each user an equal amount of time to access, interact with orrespond to the data. Properly timing a user's access, responses orinteractions with the secure content may remove the disadvantage of theuser with a slow network connection, creating an equal time periodduring which each user may have access to secure data.

The present embodiment may also ensure that the secure data may besafeguarded against hack attempts by having the server send theencryption key (i.e., pass-phrase or passcode) at the time the data hasbeen downloaded and is ready to be accessed by the user device. Inaddition to timing how long a user may be able to access the decryptedcontent, the secure timer program may ensure when data may be decrypted.Timing when data may be decrypted increases the security of theencrypted content by lessening the time the encryption key is accessibleto the user device storing the encrypted data. A non-persistentencryption key may be associated with decrypting the encrypted datapacket where the non-persistent key may not be saved on the user deviceor may be saved for a short period of time. Encrypted content may remainencrypted until a user accesses the pass-phrase to unlock the content.Encrypted data may be unlocked once the content is ready to be accessedby the user.

The present embodiment may not rely on predetermined times of the day toallow access to data, rather, the timer may begin the start time oncethe content is ready for viewing on the end-user's device, then accessmay be ended once the end time is reached. Once the timer has stopped,then the server may not receive any more user responses or interactionswith the secure data. The content interaction may cease at the momentthe timer stops. The secure timer program may or may not persist on amachine or the secure timer program may be associated with content beingsent to a receiving machine. The present embodiment may not requireinstallation of software on a user device or may not require a trialperiod for a given access period. The present embodiment may also beable to run the secure content timer program on a user device (e.g.,computer) or a server.

The present embodiment provides a system and method to encrypt data,control the timing of decryption and enable the data to be presented tothe user at the start time on the timer (i.e., providing a contentescrow system for a client). This embodiment may transmit non-persistentdata to an end user associated with a user device. Non-persistent datamay not be available for a long time period, for example, uponrestarting an application or after the data is made unavailable by atimer. The secure timer program may verify the response time of a userto ascertain if a user may be advantaged or disadvantaged by thebeginning of the timer and by the amount of time allowed for the task.

The secure timer program may track access to data. Tracking access todata may include the time the data may be accessed, when the data may bedecrypted and the duration of time the data may be accessible to theuser. Encrypting the data and transmitting an encrypted data packet(i.e., secure content or data) may keep the data secure and inaccessibleto any user or user device until properly decrypted. To decrypt, thesecure timer program may send the pass-phrase to the user device oncethe data packet is downloaded on the user's device and ready to bedecrypted. The secure timer program may then employ the timer once thecontents have been decrypted by the user and the timer may continue tomonitor access time by the user.

In the present embodiment, the timer may allow the end user access todata for a fixed interval of time. The timer may be implemented on aserver and the timer may be displayed on the end user's device to givethe user an approximation of how much time a user may view the data,interact with the data or respond to the data at a given moment.Alternatively, the timer may not be known to the user and may be hidden.The secure timer program may determine and control the extent of time auser may interact with the content or submit a response. Assuring a useraccess to content for a fixed interval of time notwithstanding a user'sgeographic location or network connection may create equal time accessto the content to each user.

The present embodiment may use, for example, JavaScript® (JavaScript andall JavaScript-based trademarks and logos are trademarks or registeredtrademarks of Oracle Corporation and/or its affiliates) language.JavaScript® language may be made available to a majority of internetusers and may have access to a web based browser with an interpreter,may require no specific hardware or may not require a pre-installedapplication on an end user device. By using JavaScript®, a computerutility program that may be downloaded from a global computer network,and since JavaScript® is widely used around the world, the secure timerprogram may restrict an end user from circumventing the window of timerestriction provided to access restricted data, interact with the dataor to provide a response. When the server timer has finished, the securetimer program may restrict the user from further interaction with thecontent.

The secure timer program may use, for example, symmetric encryption suchas the Advanced Encryption Standard (AES). Symmetric encryption mayallow identical encryption keys shared between the server and userdevice or may allow a transformation between the encryption keys. Thesecure timer program may encrypt data at the server and the encrypteddata may be transmitted to the user device (i.e., client device). Whilein transit, the encrypted data may be secure and the encrypted data maybe unintelligible to an eavesdropper. Upon receiving the entireencrypted data packet, the user device may decrypt the data bygenerating an encryption key using the same pass-phrase used by theserver. The secure timer program may then begin the timer on the serverand begin counting down once the timer receives a message from the userdevice confirming the data packet has been decrypted. The time to sendthe confirmation message may be negligible.

According to another embodiment, the secure timer program may use thetimer without encryption and decryption of data. For example, in asituation when a user accesses a test available to the general public,no encryption may be necessary. This case may allow proper timingmethods even though the test may be free and available to the public.The secure timer program may begin the timer once confirmation is sentto the server from the user device that the unencrypted data packet hasdownloaded.

Referring to FIG. 1, an exemplary networked computer environment 100 inaccordance with one embodiment is depicted. The networked computerenvironment 100 may include a computer 102 with a processor 104 and adata storage device 106 that is enabled to run a software program 108and a secure timer program 110 a. The networked computer environment 100may also include a server 112 that is enabled to run a secure timerprogram 110 b that may interact with a database 114 and a communicationnetwork 116. The networked computer environment 100 may include aplurality of computers 102 and servers 112, only one of which is shown.The communication network 116 may include various types of communicationnetworks, such as a wide area network (WAN), local area network (LAN), atelecommunication network, a wireless network, a public switched networkand/or a satellite network. It should be appreciated that FIG. 1provides only an illustration of one implementation and does not implyany limitations with regard to the environments in which differentembodiments may be implemented. Many modifications to the depictedenvironments may be made based on design and implementationrequirements.

The client computer 102 may communicate with the server computer 112 viathe communications network 116. The communications network 116 mayinclude connections, such as wire, wireless communication links, orfiber optic cables. As will be discussed with reference to FIG. 3,server computer 112 may include internal components 902 a and externalcomponents 904 a, respectively, and client computer 102 may includeinternal components 902 b and external components 904 b, respectively.Server computer 112 may also operate in a cloud computing service model,such as Software as a Service (SaaS), Platform as a Service (PaaS), orInfrastructure as a Service (IaaS). Server 112 may also be located in acloud computing deployment model, such as a private cloud, communitycloud, public cloud, or hybrid cloud. Client computer 102 may be, forexample, a mobile device, a telephone, a personal digital assistant, anetbook, a laptop computer, a tablet computer, a desktop computer, orany type of computing devices capable of running a program, accessing anetwork, and accessing a database 114. According to variousimplementations of the present embodiment, the secure timer program 110a, 110 b may interact with a database 114 that may be embedded invarious storage devices, such as, but not limited to a computer/mobiledevice 102, a networked server 112, or a cloud storage service.

According to the present embodiment, an individual using a clientcomputer 102 or a server computer 112 may use the secure timer program110 a, 110 b (respectively) to ensure a user may obtain access to securedata for a specified time period that may not be affected by geographiclocation or network connection speed. The content security and timermethod is explained in more detail below with respect to FIG. 2.

Referring now to FIG. 2, an operational flowchart illustrating theexemplary timing and securing content process 200 used by the securetimer program 110 a, 110 b according to at least one embodiment isdepicted.

At 202, the user device sends a connection request to the server 112.The user device may also be known as a client device or a computer 102.The user device may send the connection request over a communicationnetwork 116 using a web application on the user device (e.g., computer102). The connection request may be sent using a Secure Sockets Layer(SSL) to establish a secure link between the server 112 and the userdevice. The connection request may include a request to access encryptedor unencrypted data either stored on a server 112 or accessible to aserver 112. The access request may, for example, include a user deviceattempting to access a timed exam, tickets sales that may have a certaintime limit in which to purchase or an online portal to pay a trafficticket by a specific deadline.

Then at 204, the server 112 generates a pass-phrase and key, thenencrypts the data and sends the encrypted data packet to the userdevice. The pass-phrase and the key may be generated via knownalgorithms. Advanced Encryption Standard (AES) may be used to create adynamic pass-phrase on the server 112 for the requested or transmitteddata. AES may include a symmetric encryption to allow for identicalencryption keys to be shared between the server 112 and the user device(e.g., computer 102). The server 112, using the secure timer program 110a, 110 b, may encrypt the data packet using an encryption key. Thesecure timer program 110 a, 110 b may create an encryption key that maybe used to create a pass-phrase or passcode to unlock the secureencrypted data. A pass-phrase, for example, may be a password created bythe secure timer program 110 a, 110 b to provide to a user deviceaccessing the encrypted data packet. The secure timer program 110 a, 110b may encrypt the data packet using either a persistent or anon-persistent type of encryption. Once encrypted, the server 112 maytransmit the encrypted data packet to the user device.

Next, at 206, the user device receives the encrypted data packet fromthe server 112 and then requests the pass-phrase from the server 112.When the user device receives the encrypted data packet, the encrypteddata packet may be fully downloaded before the user device sends therequest for the pass-phrase from the server 112. The user device maywait until the encrypted data packet is fully downloaded beforerequesting a pass-phrase from the server 112 to prevent the timer frombeginning before the encrypted data packet is fully downloaded. The userdevice may send the pass-phrase request to the server 112 once theencrypted data packet is ready to be decrypted or unlocked. Thepass-phrase, being requested after the encrypted data packet isdownloaded, may allow slower devices or connections the same allottedtime frame to view the data, interact with the data or respond to thedata as a faster user device or network connection. Additionally,sending the pass-phrase request, by the user device, to the server 112,in a separate request, may further secure the encrypted data packetsince the pass-phrase and the encrypted data packet may not be in thesame transmission. For example, the user device may create anAsynchronous JavaScript® and Extensible Markup Language (XML), alsoknown as AJAX, call once the web page loads the contents of theencrypted data packet to get the pass-phrase from the server 112.

Then at 208, the server 112 receives the pass-phrase request from theuser device and sends the pass-phrase to the user device. Once the userdevice (e.g., computer 102) has received and downloaded the encrypteddata packet, the user device may request the pass-phrase to unlock theencrypted data packet from the server 112. The secure timer program 110a, 110 b may time the pass-phrase request from the user device to theserver 112 to be after the encrypted data packet has been downloaded onthe user device. Upon receiving the request, the server 112 mayimmediately send the pass-phrase, generated previously at 204, to theuser device. The pass-phrase may, for example, be a password sent to theuser device to unlock the encrypted data packet that has been downloadedon the user device. The pass-phrase may allow the user to access theencrypted data packet sent by the server 112 and to view the data,interact with the data or respond to the data within the allotted timeframe, providing an equal amount of time for each user.

Next, at 210, the user device receives the pass-phrase from the server112, generates a key and decrypts the data. Upon receiving thepass-phrase from the server 112, the user device may generate anencryption key associated with the received pass-phrase. The user devicemay then decrypt the encrypted data packet that has previously beendownloaded. Once the secure data is decrypted, the user device may senda message to begin the timer on the server 112 and allow the user accessto the secure data.

Then at 212, the user device sends a message to the server 112 to startthe timer. Upon decrypting the fully downloaded encrypted data packet,the user device may immediately send a message to the server 112 tobegin the timer. The timer beginning after the encrypted data packet hasbeen fully downloaded may allow each user device accessing the data tohave the same amount of allocated time without unequal timedistribution. The time transmitting the message to begin the timer sentfrom the user device to the server 112 may be negligible.

At 214, the server 112 begins the timer. When the server 112 receivesthe message from the user device to begin the timer, the server 112 mayimmediately start the timer. The timer may count down until there is notime left. Once the time associated with the timer has run out, the userdevice may no longer have access to the secure data, may no longer havethe ability to interact with the data and may no longer respond to anydata. The user device may show a timer counting down or the server 112may hide the timer from the user device. The timer may act as amoderator of the duration of time the user may have access to thecontent. Once the time has elapsed, the user may no longer be allowed tosubmit a response based on the decrypted content.

One example of the secure timer program 110 a, 110 b use may include auser being allotted a specific amount of time to interact with orrespond to restricted data when the restricted data is associated withan online exam which the user may have 2 hours to complete. Therestricted data (i.e., encrypted data) may include media files, audiofiles, text files or other types of data that may be relevant to theexam. Once the user has accessed the exam, the secure timer program 110a, 110 b may check to determine if the user can still view the contentand if the user can no longer view the content, the content may beremoved. Once the timer is finished, the user may no longer be able tosend a response to the server (i.e., provide an answer). Another examplemay include a deadline for paying a fee online. An additional examplemay include a user having access to a window for a limited amount oftime to purchase tickets (e.g., concert tickets, sporting event tickets,or any ticket that may require limited seating).

It may be appreciated that FIG. 2 provides only an illustration of oneembodiment and does not imply any limitations with regard to howdifferent embodiments may be implemented. Many modifications to thedepicted embodiment(s) may be made based on design and implementationrequirements.

FIG. 3 is a block diagram 900 of internal and external components ofcomputers depicted in FIG. 1 in accordance with an illustrativeembodiment of the present invention. It should be appreciated that FIG.3 provides only an illustration of one implementation and does not implyany limitations with regard to the environments in which differentembodiments may be implemented. Many modifications to the depictedenvironments may be made based on design and implementationrequirements.

Data processing system 902, 904 is representative of any electronicdevice capable of executing machine-readable program instructions. Dataprocessing system 902, 904 may be representative of a smart phone, acomputer system, PDA, or other electronic devices. Examples of computingsystems, environments, and/or configurations that may represented bydata processing system 902, 904 include, but are not limited to,personal computer systems, server 112 computer systems, thin clients,thick clients, hand-held or laptop devices, multiprocessor systems,microprocessor-based systems, network PCs, minicomputer systems, anddistributed cloud computing environments that include any of the abovesystems or devices.

User client computer 102 and network server 112 may include respectivesets of internal components 902 a, b and external components 904 a, billustrated in FIG. 3. Each of the sets of internal components 902 a, bincludes one or more processors 906, one or more computer-readable RAMs908, and one or more computer-readable ROMs 910 on one or more buses912, and one or more operating systems 914 and one or morecomputer-readable tangible storage devices 916. The one or moreoperating systems 914, the software program 108 and the secure timerprogram 110 a in client computer 102, and the secure timer program 110 bin network server 112, may be stored on one or more computer-readabletangible storage devices 916 for execution by one or more processors 906via one or more RAMs 908 (which typically include cache memory). In theembodiment illustrated in FIG. 3, each of the computer-readable tangiblestorage devices 916 is a magnetic disk storage device of an internalhard drive. Alternatively, each of the computer-readable tangiblestorage devices 916 is a semiconductor storage device such as ROM 910,EPROM, flash memory or any other computer-readable tangible storagedevice that can store a computer program and digital information.

Each set of internal components 902 a, b also includes a R/W drive orinterface 918 to read from and write to one or more portablecomputer-readable tangible storage devices 920 such as a CD-ROM, DVD,memory stick, magnetic tape, magnetic disk, optical disk orsemiconductor storage device. A software program, such as the softwareprogram 108 and the secure timer program 110 a, 110 b can be stored onone or more of the respective portable computer-readable tangiblestorage devices 920, read via the respective R/W drive or interface 918,and loaded into the respective hard drive 916.

Each set of internal components 902 a, b may also include networkadapters (or switch port cards) or interfaces 922 such as a TCP/IPadapter cards, wireless wi-fi interface cards, or 3G or 4G wirelessinterface cards or other wired or wireless communication links. Thesoftware program 108 and the secure timer program 110 a in clientcomputer 102 and the secure timer program 110 b in network servercomputer 112 can be downloaded from an external computer (e.g., server)via a network (for example, the Internet, a local area network or other,wide area network) and respective network adapters or interfaces 922.From the network adapters (or switch port adaptors) or interfaces 922,the software program 108 and the secure timer program 110 a in clientcomputer 102 and the secure timer program 110 b in network servercomputer 112 are loaded into the respective hard drive 916. The networkmay comprise copper wires, optical fibers, wireless transmission,routers, firewalls, switches, gateway computers and/or edge servers.

Each of the sets of external components 904 a, b can include a computerdisplay monitor 924, a keyboard 926, and a computer mouse 928. Externalcomponents 904 a, b can also include touch screens, virtual keyboards,touch pads, pointing devices, and other human interface devices. Each ofthe sets of internal components 902 a, b also includes device drivers930 to interface to computer display monitor 924, keyboard 926, andcomputer mouse 928. The device drivers 930, R/W drive or interface 918,and network adapter or interface 922 comprise hardware and software(stored in storage device 916 and/or ROM 910).

It is understood in advance that although this disclosure includes adetailed description on cloud computing, implementation of the teachingsrecited herein are not limited to a cloud computing environment. Rather,embodiments of the present invention are capable of being implemented inconjunction with any other type of computing environment now known orlater developed.

Cloud computing is a model of service delivery for enabling convenient,on-demand network access to a shared pool of configurable computingresources (e.g. networks, network bandwidth, servers, processing,memory, storage, applications, virtual machines, and services) that canbe rapidly provisioned and released with minimal management effort orinteraction with a provider of the service. This cloud model may includeat least five characteristics, at least three service models, and atleast four deployment models.

Characteristics are as follows:

On-demand self-service: a cloud consumer can unilaterally provisioncomputing capabilities, such as server time and network storage, asneeded automatically without requiring human interaction with theservice's provider.

Broad network access: capabilities are available over a network andaccessed through standard mechanisms that promote use by heterogeneousthin or thick client platforms (e.g., mobile phones, laptops, and PDAs).

Resource pooling: the provider's computing resources are pooled to servemultiple consumers using a multi-tenant model, with different physicaland virtual resources dynamically assigned and reassigned according todemand. There is a sense of location independence in that the consumergenerally has no control or knowledge over the exact location of theprovided resources but may be able to specify location at a higher levelof abstraction (e.g., country, state, or datacenter).

Rapid elasticity: capabilities can be rapidly and elasticallyprovisioned, in some cases automatically, to quickly scale out andrapidly released to quickly scale in. To the consumer, the capabilitiesavailable for provisioning often appear to be unlimited and can bepurchased in any quantity at any time.

Measured service: cloud systems automatically control and optimizeresource use by leveraging a metering capability at some level ofabstraction appropriate to the type of service (e.g., storage,processing, bandwidth, and active user accounts). Resource usage can bemonitored, controlled, and reported providing transparency for both theprovider and consumer of the utilized service.

Service Models are as follows:

Software as a Service (SaaS): the capability provided to the consumer isto use the provider's applications running on a cloud infrastructure.The applications are accessible from various client devices through athin client interface such as a web browser (e.g., web-based e-mail).The consumer does not manage or control the underlying cloudinfrastructure including network, servers, operating systems, storage,or even individual application capabilities, with the possible exceptionof limited user-specific application configuration settings.

Platform as a Service (PaaS): the capability provided to the consumer isto deploy onto the cloud infrastructure consumer-created or acquiredapplications created using programming languages and tools supported bythe provider. The consumer does not manage or control the underlyingcloud infrastructure including networks, servers, operating systems, orstorage, but has control over the deployed applications and possiblyapplication hosting environment configurations.

Infrastructure as a Service (IaaS): the capability provided to theconsumer is to provision processing, storage, networks, and otherfundamental computing resources where the consumer is able to deploy andrun arbitrary software, which can include operating systems andapplications. The consumer does not manage or control the underlyingcloud infrastructure but has control over operating systems, storage,deployed applications, and possibly limited control of select networkingcomponents (e.g., host firewalls).

Deployment Models are as follows:

Private cloud: the cloud infrastructure is operated solely for anorganization. It may be managed by the organization or a third party andmay exist on-premises or off-premises.

Community cloud: the cloud infrastructure is shared by severalorganizations and supports a specific community that has shared concerns(e.g., mission, security requirements, policy, and complianceconsiderations). It may be managed by the organizations or a third partyand may exist on-premises or off-premises.

Public cloud: the cloud infrastructure is made available to the generalpublic or a large industry group and is owned by an organization sellingcloud services.

Hybrid cloud: the cloud infrastructure is a composition of two or moreclouds (private, community, or public) that remain unique entities butare bound together by standardized or proprietary technology thatenables data and application portability (e.g., cloud bursting forload-balancing between clouds).

A cloud computing environment is service oriented with a focus onstatelessness, low coupling, modularity, and semantic interoperability.At the heart of cloud computing is an infrastructure comprising anetwork of interconnected nodes.

Referring now to FIG. 4, illustrative cloud computing environment 1000is depicted. As shown, cloud computing environment 1000 comprises one ormore cloud computing nodes 100 with which local computing devices usedby cloud consumers, such as, for example, personal digital assistant(PDA) or cellular telephone 1000A, desktop computer 1000B, laptopcomputer 1000C, and/or automobile computer system 1000N may communicate.Nodes 100 may communicate with one another. They may be grouped (notshown) physically or virtually, in one or more networks, such asPrivate, Community, Public, or Hybrid clouds as described hereinabove,or a combination thereof. This allows cloud computing environment 1000to offer infrastructure, platforms and/or software as services for whicha cloud consumer does not need to maintain resources on a localcomputing device. It is understood that the types of computing devices1000A-N shown in FIG. 4 are intended to be illustrative only and thatcomputing nodes 100 and cloud computing environment 1000 can communicatewith any type of computerized device over any type of network and/ornetwork addressable connection (e.g., using a web browser).

Referring now to FIG. 5, a set of functional abstraction layers 1100provided by cloud computing environment 1000 is shown. It should beunderstood in advance that the components, layers, and functions shownin FIG. 5 are intended to be illustrative only and embodiments of theinvention are not limited thereto. As depicted, the following layers andcorresponding functions are provided:

Hardware and software layer 1102 includes hardware and softwarecomponents. Examples of hardware components include: mainframes 1104;RISC (Reduced Instruction Set Computer) architecture based servers 1106;servers 1108; blade servers 1110; storage devices 1112; and networks andnetworking components 1114. In some embodiments, software componentsinclude network application server software 1116 and database software1118.

Virtualization layer 1120 provides an abstraction layer from which thefollowing examples of virtual entities may be provided: virtual servers1122; virtual storage 1124; virtual networks 1126, including virtualprivate networks; virtual applications and operating systems 1128; andvirtual clients 1130.

In one example, management layer 1132 may provide the functionsdescribed below. Resource provisioning 1134 provides dynamic procurementof computing resources and other resources that are utilized to performtasks within the cloud computing environment. Metering and Pricing 1136provide cost tracking as resources are utilized within the cloudcomputing environment, and billing or invoicing for consumption of theseresources. In one example, these resources may comprise applicationsoftware licenses. Security provides identity verification for cloudconsumers and tasks, as well as protection for data and other resources.User portal 1138 provides access to the cloud computing environment forconsumers and system administrators. Service level management 1140provides cloud computing resource allocation and management such thatrequired service levels are met. Service Level Agreement (SLA) planningand fulfillment 1142 provide pre-arrangement for, and procurement of,cloud computing resources for which a future requirement is anticipatedin accordance with an SLA.

Workloads layer 1144 provides examples of functionality for which thecloud computing environment may be utilized. Examples of workloads andfunctions which may be provided from this layer include: mapping andnavigation 1146; software development and lifecycle management 1148;virtual classroom education delivery 1150; data analytics processing1152; transaction processing 1154; and timing and securing content 1156.A secure timer program 110 a, 110 b provides a way to secure and createan equal time range during which users of different network connectionsmay access secure content.

The descriptions of the various embodiments of the present inventionhave been presented for purposes of illustration, but are not intendedto be exhaustive or limited to the embodiments disclosed. Manymodifications and variations will be apparent to those of ordinary skillin the art without departing from the scope of the describedembodiments. The terminology used herein was chosen to best explain theprinciples of the embodiments, the practical application or technicalimprovement over technologies found in the marketplace, or to enableothers of ordinary skill in the art to understand the embodimentsdisclosed herein.

What is claimed is:
 1. A method for timing secured content, the methodcomprising: receiving, by a server, a connection request from a userdevice; generating, by the server, a pass-phrase and a key based on thereceived connection request; encrypting, by the server, a data packetbased on the generated pass-phrase and the generated key, wherein theencrypted data packet consists of non-persistent data, wherein theencryption method is symmetric encryption, wherein the encrypted datapacket contains a standardized exam, wherein the standardized examallocates a specified amount of time to a user to complete thestandardized exam; sending, by the server, the encrypted data packet tothe user device, wherein the sent encrypted data packet is downloaded onthe user device before the user device requests the pass-phrase from theserver; requesting, by the user device, the pass phrase from the server;receiving, by the server, the pass-phrase request from the user device;sending, by the server, the pass-phrase to the user device in responseto receiving the pass-phrase request by the user device, wherein thepass-phrase is transmitted in a separate transmission than the encrypteddata packet, and wherein the user device generates an encryption keyassociated with the pass-phrase, using the pass-phrase, that decryptsthe encrypted data packet; receiving, by the server, a message to starta timer associated with the sent data packet; starting, by the server,the timer based on the received message to start the timer; andinvalidating, by the server, access to the data packet when the timerruns out.